Hajime Versus Mirai

Posted by & filed under List Posts.

A malware strain called Mirai is created that amasses a botnet through exploitation of unsecured Internet of Things devices. As the number of zombie devices continues to build, the people behind the malware start to use it in distributed denial of service (DDoS) attacks. Eventually, Mirai really puts itself on the map by launching an attack on security researcher Brian Krebs that measures an incredible 665 Gigabits of traffic per second. Mirai’s author open-sources its code in a hacker forum. Krebs identifies (well, suspects, with extensive evidence) Rutgers University student and DDoS protection firm owner Paras Jha as the malware’s creator.

 

Fast-forward to today: That piece by Krebs (linked above) made a lot of headlines, and Jha was questioned by the FBI; but Mirai didn’t go away. If anything, what appeared to some to be an epic battle of good versus evil between Krebs and Mirai was actually a small skirmish in a lengthy and developing war. Krebs wanted to unmask a person whom he believed to be responsible for the spread of the botnet, but its code had already been made publicly available. What could be done about Mirai itself? Who could step up to save the rest of the Web from the unprotected segment of the Internet of Things? Someone must have thought that the best bet was to force-secure vulnerable devices and decided that they would be the person to make it happen.

 

Is Hajime Mirai’s Archnemesis?

 

One would imagine that there would be competition among black hat hackers to create the most dominant IoT malware so that they could have as many devices as possible to use as a more effective digital weapon. However, you might not have considered that someone might go up against the malware with a completely opposite agenda – sharing the desire to inject code, but for a very different purpose. Nonetheless, that is exactly what has happened – with a general consensus in the security industry that a white hat hacker is responsible for the Hajime IoT botnet.

 

In fact, after Dan Goodin of Ars Technica noted that it took a great amount of computing knowledge to design and deploy the white hat network, he concluded that it “just may be the Internet’s most advanced IoT botnet.”

 

Hajime is designed to parallel Mirai in certain ways, so it uses the same username and password combination list. The malware infects the IoT device and then blocks four ports that are most widely used for infection. Additionally, it presents a message on the terminal of the infected device, with an encrypted signature, that says the author is “just a white hat, securing some systems.”

 

Since the goals of Mirai and Hajime are directly opposed (to enslave and to protect the devices), Tom Spring of Kaspersky Labs’ Threatpost believes that the Hajime vigilante white hat and Mirai black hats will be locked in an ongoing head-to-head rivalry for control of routers, DVRs, CCTV cameras, thermostats, etc.

 

It’s unclear at this point who the author of Hajime is. It was first detected by Boulder-based Internet service provider Rapidity Networks in October 2016. Since then, it has grown at breakneck pace, infecting any IoT devices that are using default passwords and have open Telnet ports (i.e., the targets of Mirai).

 

Hajime and Mirai are essentially using the same means – mass self-propagation and infection of the IoT – to achieve very different objectives. Although Mirai is made up of a huge number of devices (estimated at 493,000 in October 2016), it functions as a unified tool that allows cybercriminals to hammer targets. On the other hand, Hajime does not appear to have a purposeful dark side (although intention isn’t everything – see below). Instead, it seems that the only reason it was created is to self-propagate and to seal off any unsecured Telnet ports so that they aren’t taken hostage by Mirai and used to do the bidding of malicious actors, at the expense of whatever victims they choose.
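A defender's view of the self-propagation described above, as an added example that is not part of the original post: a device that has been pulled into either botnet starts opening Telnet connections to many different hosts, so outbound Telnet fan-out in flow logs is a usable signal. The flow-record layout, the addresses, the window and threshold values, and the inclusion of port 2323 (a common alternate Telnet port, not named in the post) are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict, deque

# Constructed flow records: epoch_seconds,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
1000,10.0.0.23,198.51.100.1,23
1001,10.0.0.23,198.51.100.2,23
1002,10.0.0.23,198.51.100.3,2323
1003,10.0.0.23,198.51.100.4,23
1004,10.0.0.23,198.51.100.5,23
1005,10.0.0.23,198.51.100.6,23
1000,10.0.0.5,10.0.0.1,23
1030,10.0.0.5,10.0.0.1,23
1000,10.0.0.40,203.0.113.1,23
1900,10.0.0.40,203.0.113.2,23
2800,10.0.0.40,203.0.113.3,23
3700,10.0.0.40,203.0.113.4,23
4600,10.0.0.40,203.0.113.5,23
1000,10.0.0.7,192.0.2.1,443
1001,10.0.0.7,192.0.2.2,443
"""

# Port 23 is Telnet; 2323 is an assumed alternate Telnet port.
TELNET_PORTS = frozenset({23, 2323})


def parse_flows(text):
    """Return (ts, src, dst, port) tuples sorted by time."""
    rows = csv.reader(io.StringIO(text))
    return sorted((int(r[0]), r[1], r[2], int(r[3])) for r in rows if r)


def find_telnet_scanners(flows, ports=TELNET_PORTS, window=60, threshold=5):
    """Map each source to its peak count of distinct Telnet destinations
    inside any `window`-second span, keeping sources at or above `threshold`.
    `flows` must be sorted by timestamp."""
    recent = defaultdict(deque)    # src -> (ts, dst) entries still in the window
    live = defaultdict(Counter)    # src -> dst -> entries still in the window
    peak = Counter()
    for ts, src, dst, port in flows:
        if port not in ports:
            continue
        q, seen = recent[src], live[src]
        q.append((ts, dst))
        seen[dst] += 1
        # Expire entries that have fallen out of the sliding window.
        while q and ts - q[0][0] >= window:
            _, old_dst = q.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        peak[src] = max(peak[src], len(seen))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_telnet_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: {n} distinct Telnet destinations within 60 s")
```

The admin workstation that repeatedly reaches one switch and the host whose Telnet connections are spread over an hour stay below the threshold; only the device fanning out within seconds is reported.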

 

Symantec analysts have placed the number of Hajime-infected home routers, webcams, and other devices at 10,000. However, Rapidity Networks had previously estimated that it had spread much more widely, to 130,000-185,000 devices.

 

Hajime: The Full-Featured IoT Botnet

 

While Mirai has stripped-down functionality, Hajime has a much more sophisticated feature set. One of the best examples is the manner in which Hajime tries username-password pairs. Mirai just tries a bunch of common possibilities; Hajime instead parses the information on the login screen to determine what manufacturer is behind it and uses that manufacturer’s default logins. For example, Hajime attempts to attack a MikroTik router with the username “admin” and no password. The MikroTik documentation shows that combination to be the factory default. By minimizing incorrect password submissions, Hajime is less likely to get blacklisted or blocked from the device.

 

Plus, another major differentiator between Hajime and its blackhat botnet foes is that it is maintained in a slicker manner. It encrypts communications between nodes and utilizes a peer-to-peer network, via BitTorrent, to send updates and commands. That use of encryption and distribution gives it a better defensive posture against Internet backbone companies or ISPs wanting to root it out. When Rapidity Networks found a flaw in a previous version of Hajime, the author updated it to correct the problem.

 

What Else Does Hajime Do?

 

Beyond being able to change the brute force telnet credentials it uses based on its identification of the device, here are some other Hajime capabilities:

 

  • It can infect ARRIS modems using a known remote backdoor, password-of-the-day.
  • While it is infecting, it is able to determine the platform and can sidestep the absence of download commands (wget, etc.) via the loader stub (.s).
  • Hex encoded strings are used to dynamically produce the loader stub through assembly programs that are custom-designed to fit the platform. The port number and IP address of the loader are patched in the code once the loader stub is created.
  • Hajime can determine if an infecting node is currently accessible; if it isn’t, the malware will switch to another device to download the initial code.

 

Temporary Hardening of IoT Devices

 

Hajime does not permanently protect the devices it infiltrates. Just like Mirai, when the device is rebooted, Hajime is gone, and the ports are again vulnerable to Mirai infection. Since both types of infection are short-lived, experts think that Mirai and Hajime will be competing against one another for control indefinitely.

 

There has been vigilante, white-hat malware in the past. The most obvious example in this case is Wifatch, which invaded IoT devices, changed default passwords, shut off ports, and posted warning messages.

 

The issue with any type of malware, even one that has good intentions, is that there can be collateral damage to the device. If the exploit is performed incorrectly or if a port is blocked that is in use, the true owner won’t be able to use it. The malware could infect key infrastructure and push it offline. In other words, we should be careful about thinking Hajime won’t come with a downside.

 

*****

 

Leaving Web safety up to a duel between Mirai and Hajime doesn’t work when it comes to your business. Are you concerned about whether your company can defend itself against DDoS attacks? At Total Server Solutions, our mitigation & protection solutions help you stay ahead of attackers. See our DDoS Mitigation Solutions.

Mobile Mistakes for eCommerce Sites


Many of us operate within the business world with a desktop or laptop computer as our primary tool with which we access the web. However, the growth of mobile computing over the last few years has really been astounding. It would be an easy argument that the real face of the internet now is not a PC but a smartphone or tablet:

 

  • According to internet usage tracker Statcounter, which analyzes access to 2.5 million sites, October 2016 marked the first month that mobile traffic exceeded desktop/laptop traffic, at 3% (46.5% smartphone & 4.7% tablet). In 2013, 1 in 4 users (25%) were accessing from mobile; in 2010, 1 in 20 people (5%) were.
  • The number of mobile web users globally (not to be confused with mobile phone users) was expected to exceed 2 billion in 2016 (IDC). Look back just 9 years prior to that in 2007, and desktop had 1.1 billion users vs. 400 million on mobile (comScore). In other words, the mobile web grew roughly 400% during that period.

 

Mobile is clearly a much more important part of business than it was in the past. Many will buy on mobile. Others will conduct research on their phone or tablet before switching to a PC to make their purchase. Either way, an e-commerce company wants to create a strong presence on mobile to beat out their competition.

 

Top Mistakes E-Commerce Companies Make on Mobile

 

Here are thoughts from entrepreneurs on what kinds of missteps e-commerce companies tend to make when aiming to make the most of the mobile web:

 

#1 – Challenging to check out

 

E-commerce companies have generally gotten the idea that you have to focus on showing people exactly how the product looks if you want them to buy. However, for many companies, mobile is simply a reflection of the desktop setup.

 

Be sure that your checkout is optimized specifically for mobile. Optimizing mobile involves “taking advantage of mobile-specific features (like using specific keyboards for different fields), dividing up forms into many more pages and getting rid of unnecessary fields,” notes Shop It To Me founder Charlie Graham.

 

#2 – Frustrating form overload

 

Smartphones and tablets are certainly convenient for internet access, but typing can be a pain. For that reason, Nicolas Gremion of Free-eBooks.net echoes Graham’s point about minimizing fields and forms; plus, he suggests integrating other services that might already contain user information. Allow them to register using their Facebook or Google account. Allow them to pay via Amazon Checkout, Fortumo, or PayPal. Have a checkbox that allows them to automatically transfer their billing info into the shipping section (i.e., without having to re-type it). Test the process carefully for any snags.

 

One key aspect to keep in mind is that users of mobile are not clicking with their mouse but manipulating the screen with their fingers — particularly the thumb. Crazy Egg’s analysis of this topic suggests there are three main ways that people interact with their smartphones: one-handed (49%), cradled (39%), and two-handed (15%). In all these scenarios, the thumb is critical. Because of that, there is a concept called the Thumb Zone — the area of the screen that is comfortably accessible to the thumb. Roughly speaking, the Thumb Zone is the bottom left-hand corner of the screen. Be aware of that when designing checkout.

 

#3 – Not easy to navigate between products

 

Studies show that more consumers will now purchase from a mobile device, but the process can easily become confusing if you have a broad catalog with numerous categories in your shop. Jonathan Long of Market Domination Media recommends checking out the Best Buy site on mobile to get a sense of a user-friendly mobile experience for a store with a huge range of products. Especially when people are ready to buy (and that describes your ideal traffic), they want to be able to navigate to what they want quickly. Make sure that they can.

 

#4 – Pestering pop-ups

 

You don’t want to ever drill your e-commerce customers with too many pop-ups – and that’s especially critical on mobile. If the average desktop/laptop shopper already seems a bit obsessed with how quickly and intuitively they can get what they need on your site, any sense of patience is gone when that person picks up a mobile device. Hubstaff.com co-founder David Nevogt notes that he will typically abandon a mobile shopping cart if he gets more than 2 pop-ups. “The only exception to this rule is if I’m given the opportunity to sign in via my social accounts,” he clarifies, “because that’s a pop-up that helps me versus a pop-up that asks for my email, which serves the e-commerce company more.”

 

#5 – Really poor responsiveness

 

No one wants to go to your mobile e-commerce shop so that they can wait. A consumer wants to be able to jump around and explore your products rapidly so they can compare options and buy. That requires your site to be strongly responsive. Similarly, user-friendliness is a necessity for mobile, as indicated previously. EVENTup cofounder Jayna Cooke advises developing your mobile shop carefully and methodically prior to release. Related to responsiveness, it’s critical that you are hosting your site on high-performance infrastructure if you want it to perform at the pace of e-commerce.

 

#6 – Social sharing not set up

 

If you can think of the two most prominent areas of growth on the web, they would probably be mobile and social. Consider these YOY changes in social and mobile social use:

 

  • Between January 2016 and January 2017, the number of active social media users grew 21%, representing an additional 482 million users globally.
  • During that same period, active mobile social use grew 30% — an addition of 581 million people.

 

How can you integrate social prior to checkout? Make it possible for the shopper to ask their friends if they’re undecided on a product, says Allied Business Network co-founder Brooke Bergman. It’s free publicity even if they don’t end up buying.

 


 

#7 – Relegation of remarketing

 

Don’t be shy about asking for a name and email address early. Once you have that contact info, you can shoot them an email with a coupon code so that they can get a discounted price if they return. As an alternative or supplement to that tactic, you can also use Adwords for remarketing, explains Andesign’s Andrew Namminga, which “will prioritize the delivery of ads to people who have recently visited your website.”

 

#8 – Denial of mobile diversity

 

It’s important to be compatible with every type of mobile device. Any phone or tablet should get impeccably great ease-of-use, notes True Film Production CEO Stanley Meytin. Be sure to test each one.

 

#9 – Absence of an 800 number

 

Of course you want everyone to just buy through the site, but your mobile site should also give the user a fast way to speak with someone at your company directly: a phone number. On a desktop or laptop, people will often check out your FAQ pages or go elsewhere on your site to get their answers. Mobile users desire a straightforward navigation. When they get confused, it makes sense (especially since many are already on their phone) that they would want to simply click to call and get help problem-solving. That phone number is especially important, says LSEO’s Kristopher Jones, because mobile users will often need “a higher level of touch” than their desktop counterparts.

 

*****

 

Do you want your e-commerce company to excel on mobile? At Total Server Solutions, all of our high-performance hosting plans include Unlimited Bandwidth. Learn more.

Best Practices to Improve Magento SEO


Kyle is managing a webstore that specializes in refurbished components for mountain and road bikes. The company is planning to “shift gears” with its web store to Magento. Kyle is taking an initial foray into the new web store’s search engine optimization. Although Joe and his team understand that Magento is well-built for the search engines, he wants to fine-tune it immediately so that the site is working at its best.

 

What can Kyle do? Below, we go through several standard best-practice recommendations. First we address immediate, out-of-the-box technical optimization tips to improve search engine friendliness of your site’s URL structure (e.g. metadata, robots.txt, XML sitemap, ALT tags). Then we look at two broader topics: content marketing, with an infographic of pointers from 24 executives, and speed.

 

How to optimize Magento “out-of-the-box” for better SEO

 

Well, you probably did not pull Magento out of a box… Nonetheless, you do need to immediately tweak some of the technical specifications within Magento “out-of-the-box” – to customize it – in order to make its SEO as powerful as possible.

 

The good news from the outset is that Magento is initially well-tuned for SEO, according to Netherlands-based search-engine optimization firm Yoast (which is responsible for 10.6% of core commits to the WordPress code base, per WP core developer Aaron Jorbin).

 

Before we get into these technical tweaks, note that you want to download the latest release. Here is the official download page for the free open source community version of Magento; here is where you can look at the paid version, Magento Enterprise (which offers improved performance over the Community edition, among other upgrades).

 

Yoast then recommends going into the settings so that you can allow server URL rewrites. Enter System > Configuration > Web > Search Engines Optimization. Within the same panel, click into URL Options and switch “Add store code to URLs” to No.

 

www vs. non-www

 

You will see the base URL for Magento under “Unsecure”/“Secure.” That’s where you can establish your preferred domain name, i.e. the decision between the versions with and without www.

 

Take Kyle. Kyle needs to decide whether his restored cycling component store should be listed as bikepartheaven.com or www.bikepartheaven.com. Joe chooses bikepartheaven.com, thinking that the shortened version is long enough at 23 characters. Simply adjusting this setting does not redirect from www.bikepartheaven.com to bikepartheaven.com though, or vice versa; it only establishes preference. Hence, Joe creates a 301 redirect via .htaccess with mod_rewrite, so that traffic goes through the latter version. In addition to better defining how the site is organized, it means that Magento won’t add the SID query to URLs (e.g. ?SID=h7i38596y3t34s3u22sk293484wpd49i). Finally, he verifies that the Base URL matches the redirect.

 

Kyle adds this code to the .htaccess file to redirect index.php to root, at about line 119:

# Send requests for /index.php to the site root with a permanent (301) redirect
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.bikepartheaven.com/ [R=301,L]

 

Note that if Kyle’s Magento installation had been in the sub-directory http://www.bikepartheaven.com/magento/ instead of the root, he would have used this code:

 

# Same redirect when Magento lives in the /magento/ sub-directory
RewriteBase /magento/
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /magento/index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.bikepartheaven.com/magento/ [R=301,L]

 

Metadata

 

When you download Magento, it will have the title “Magento Commerce” – which is obviously not the title of your store. To improve your rankings with the search engines, note that you should prioritize the early words: your keywords should come early because people are likelier to see them in that position when scanning a page, and because search engines focus hugely on the first few words.

 

Kyle goes into Configuration > Design > HTML Head and changes the title from “Magento Commerce” to “Sustainable Mountain & Road Bike Parts | Refurbished Cycling Components,” preparing this title that is typically used for generic non-content pages such as the Contact Us page. Then Kyle decides that, for branding, he wants to have the name of his business in all the page titles. He adds “Bike Part Heaven” under “Title Suffix.” However, as advised by Yoast, Kyle leaves the “Title Prefix” empty – since those initial characters are crucially important for SEO keywords. He also avoids adding anything under “Default Description” and “Default Keywords.” Finally, Kyle keeps “Default Robots” at “INDEX, FOLLOW,” because it is not a non-production environment; and he adds the canonical tag. (Here is information on the canonical meta tag within Magento.)

 

You want to optimize your entire store, not just the main pages. Internet marketing blog The Next Scoop recommends a minimum of five keywords per page, used in both the meta title and description. The metadata you use to describe each of your product pages should be both highly relevant and compelling, since the end goal is getting people to click for a better CTR and more leads.

 

As a standard, the meta title should be 40-60 characters, the meta description should be 150-180 characters, and commas should be placed between keywords.

 

XML sitemap

 

You want to serve your site up to the search engines in a manner that makes their job simple. An XML sitemap allows the search engines to more easily search and index your site. The sitemap needs to be submitted directly through the webmaster tools of Google, Bing, etc.

 

Here’s how to create one:

 

  • Go to System > Configuration > Google Sitemap > Add New.
  • For Filename, type “sitemap.XML.”
  • For the path, that is the server directory where you want the sitemap to be stored.
  • Choose the store that the sitemap covers.
  • Save to create the sitemap.

ALT tags for images

 

Product images are incredibly key for ecommerce effectiveness. Just as images are central to captivating shoppers, these images are also fundamental to search engines. Make sure you have ALT tags for all the images.

 

To implement ALT tags systematically, Kyle uses a script that auto-generates them to be the file name (omitting any hyphens).

 

Content

 

The search engines are checking the web for new and helpful thoughts to best answer a user’s request. Plus, there is essentially no way to fake content, because unreadable, poor-value “keyword-stuffed” or duplicate content (via license, plagiarism, or internal reuse) will sink you in search. In this environment, it’s necessary to embrace content marketing. Here is an infographic from customer referral firm ReferralCandy, featuring advice on the topic from two dozen major-brand executives:

24 Juicy Tips for Ecommerce Content Marketing from Inbound Marketing Pros [Infographic]

 

Speed

 

The speed of your Magento store will have an impact on how it gets ranked in the search engines. Performance is also fundamental to strong user experience. To improve your speed, here is some basic advice:

 

  • Use the most recent version of Magento (as indicated above)
  • Tweak your MySQL configuration
  • Enable flat catalog
  • Optimize the images
  • Compress CSS and JS files
  • Optimize logs and database
  • Implement caching
  • Use a content delivery network
  • Choose a high-quality web host.

 

Kyle understands that the infrastructure that backs his site will have a deep impact on the speed he achieves. He decides to lay a strong foundation by switching to a more powerful hosting service and adding a CDN plan before working his way through other improvements.

 

*****

 

Are you like Kyle? If you’re using Magento and building sales, chances are that you are laser-focused on fine-tuning your SEO; and speed is one way to do that. At Total Server Solutions, we offer high performance web hosting for e-commerce. Learn more.

IOT Botnet Persirai


Is your CCTV camera staying with the fashionable DDoS trends, switching out its botnet malware like it’s changing its outfit? The rise of more sophisticated and malicious IoT botnet malware is certainly not a laughing matter when these powerful criminal technologies are used to take down websites and online services. However, the rise of other malware strains that are in the same basic category as Mirai (botnet-creation tools leveraging unsecured devices within the Internet of things) does echo the way in which tweaks to established classic clothing staples are released each season, grabbing the real-time headspace of the fashion-conscious.

 

After all, as we head into the warmer summer months, probably every CCTV camera, and even many DVRs, like to try on new malware. One of the most popular choices this season is Persirai – detected targeting more than 1000 different Internet protocol (IP) camera models, an estimated 122,069 total IP cameras. While cameras that should be considered “under-siege” by this malware are spread across the globe, the United States has the third-most potential targets (8.8%), below only China (20.3%) and Thailand (11.6%).

 

Mirai’s More Diabolical Cousin Still Under the Radar

 

Now to be clear, Persirai has not spread nearly as widely as Mirai, which had invaded at least 300,000 devices in 164 countries by October 2016 (with some reports estimating more than half a million). It is also important to note that these more than 100,000 IoT devices are at risk rather than currently under the control of the botnet.

 

The news still isn’t great. Using data gathered via the IoT search engine Shodan, researchers revealed that these 120,000+ IP cameras were configured in such a manner that they could fall victim to ELF_PERSIRAI.A.

 

Again, Persirai is part of a bigger and growing problem with the Internet of things: the lack of security within it is being used against the Web at large (well, whatever targets are chosen by the botnet’s master).

 

The reveal of the scope of Persirai is part of a continuing story that really is made for Hollywood. In 2016, the Mirai malware was busy rapidly recruiting (or enslaving, really) hundreds of thousands of CCTV cameras, DVRs, and other IoT devices – forming a massive botnet to be used in delivering a staggering volume of garbage requests for distributed denial of service (DDoS) attacks. Eventually, security researcher Brian Krebs was hit with one of the largest DDoS assaults of all time (September), the source code was released on a hacker forum by its author, and Krebs pointed to the specific individual whom his research concluded had programmed Mirai.

 

How Does it Work? Are the Device Owners Complicit?

 

Botnets are fundamentally about people not having control of their devices, and they succeed in large part because users don’t know that their device is being used for illicit purposes. Once the malware enters the device, the master is able to access the web interface of the camera through TCP Port 81, using Universal Plug and Play (UPnP).

 

IP cameras often use UPnP, a set of standards and protocols that allow devices such as intelligent appliances, PCs, and peripherals to be incorporated into a network and recognize each other. Through UPnP, a device can act as a server by opening a port on the router. This technology was widely praised as a functional tool in the past; more recently, however, it has become an increasing subject of security concern since it presents a clear point of attack.

 

If a hacker logs into the visible interface, they can direct the camera to a site from which a shell script will download and execute on it. From that point forward, a remote master can transmit commands to the device – and to all devices in its botnet – to attack and infect other vulnerable IP cameras through a zero-day vulnerability uncovered in March. The way the malware exploits the cameras allows it to retrieve the password file, so the attacker can perform a command injection no matter how complex your password is.

 

In this manner, Persirai creates a greater threat than Mirai does. The central goal of Persirai and Mirai is the same though: in response to commands from the master server, the IoT devices are used to DDoS target systems via user datagram protocol (UDP) floods. The remote server that is controlling this botnet is a .IR machine (Iran-based), and Persian characters are used in the code.

 

Persirai is understood in the security community as a spinoff of Mirai since it uses a lot of the code that was open-sourced by Mirai’s author last October. Although Persirai seems to come from a different author, it is also possible that Persirai was created by the original coder to include additional features and make the code more confusing.

 

The zero-day vulnerability mentioned above – which allows access of the password – is the primary “upgrade” from Mirai to Persirai. While the former takes a brute-force approach to break into devices, this one leverages a security loophole to grab the login details directly.

 

This new malware is also important because it signals to security researchers that the people behind this particular version of IoT botnet malware have the acumen to understand the use of exploits to gather passwords. Since that’s the case, device users are wise to immediately patch their devices when new vulnerabilities are discovered.

 

With the rise of the Internet of things among consumers, industry thought-leaders have projected that the perpetrators of DDoS attacks will shift from NTP and DNS servers to unprotected devices. That’s a particular concern because so many everyday users don’t adhere to strong security practices.

 

To make Internet of things devices safe, users should not stop at protecting against Persirai by disabling UPnP (so devices can’t suddenly open ports to the internet); they should also change their passwords from the default. After all, those default passwords are the only way Mirai can get access.
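Before disabling UPnP, it helps to see what it has already opened. The following added example (not from the original post) audits a router's UPnP port-mapping listing for forwards that expose IP cameras or their web interface on TCP port 81. The listing is a constructed sample in the style of miniupnpc's `upnpc -l` output, and the column layout, the addresses and the camera inventory are assumptions.

```python
import re

# Constructed sample in the style of miniupnpc's `upnpc -l` listing; the exact
# column layout is an assumption, as are the addresses and descriptions.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP    81->192.168.1.50:81    'IPCAM' '' 0
 1 UDP 51820->192.168.1.10:51820 'vpn' '' 3600
 2 TCP  8081->192.168.1.51:81    'IPCAM' '' 0
 3 TCP 32400->192.168.1.20:32400 'media server' '' 604800
"""

# Hypothetical inventory of IP cameras on the LAN.
CAMERA_HOSTS = frozenset({"192.168.1.50", "192.168.1.51"})
# TCP 81 is the camera web interface port named in the post.
CAMERA_WEB_PORTS = frozenset({81})

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext_port>\d+)->"
    r"(?P<host>\d+(?:\.\d+){3}):(?P<int_port>\d+)\s+"
    r"'(?P<desc>[^']*)'\s+'[^']*'\s+(?P<lease>\d+)\s*$"
)


def parse_mappings(listing):
    """Turn the text listing into a list of mapping dicts, skipping the header."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue  # header line or unrelated output
        d = m.groupdict()
        mappings.append({
            "proto": d["proto"],
            "ext_port": int(d["ext_port"]),
            "host": d["host"],
            "int_port": int(d["int_port"]),
            "desc": d["desc"],
            "lease": int(d["lease"]),
        })
    return mappings


def audit(mappings, cameras=CAMERA_HOSTS, web_ports=CAMERA_WEB_PORTS):
    """Return (ext_port, host, int_port, reasons) for every risky forward."""
    findings = []
    for m in mappings:
        reasons = []
        if m["host"] in cameras:
            reasons.append("camera reachable from the internet")
        # Match on the internal port: the external port may have been remapped.
        if m["proto"] == "TCP" and m["int_port"] in web_ports:
            reasons.append("forwards to web interface port %d" % m["int_port"])
        if reasons and m["lease"] == 0:
            reasons.append("mapping never expires")  # lease 0 means permanent
        if reasons:
            findings.append((m["ext_port"], m["host"], m["int_port"], reasons))
    return findings


if __name__ == "__main__":
    for ext_port, host, int_port, reasons in audit(parse_mappings(SAMPLE_LISTING)):
        print(f"external {ext_port} -> {host}:{int_port}: " + "; ".join(reasons))
```

The second camera is exposed on external port 8081, so a check that looks only for external port 81 would miss it; the audit matches on the internal port and on the camera inventory instead.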

 

Other general and immediate tips for IP camera and IoT security include:

 

  • Prioritize updating and patching devices.
  • Make your passwords complex and outlaw defaults.
  • Use two-factor authentication if that feature is an option.
  • If 2FA is not available, consider recommending to your device manufacturer that they include it in their next update.

 

Why is the Internet of Things so Prone to Insecurity?

 

IP cameras, routers, thermostats, and other IoT devices are often gluttons for punishment when it comes to cyberattack because the original equipment manufacturer (OEM) of the device is focused on reducing time-to-market at the expense of properly protecting their products. The consumers and even businesses who use them may not understand how critical it is to nix default credentials.

 

The real downside is that we are not headed in the right direction with the Internet of things, even though more devices are coming online all the time. All these additional nodes can potentially be exploited by bad actors. The devices aren’t only footsoldiers for DDoS attacks but can serve as gateways into the network, leading to additional issues such as espionage.

 

*****

 

The rise of the Internet of things is a reminder to owners of devices to keep their systems protected, and for all of us to defend ourselves against DDoS attacks from IoT botnets and others. At Total Server Solutions, we help you prevent attacks before they impact your business! See our DDoS Mitigation Solutions.

How to Choose a Server Provider


Meredith is the owner of a niche site that sells clothing and accessories to charter boat captains and other mariners. She sells dozens of products – from shirts, pants, and jackets to jewelry, knives, bags and belts. Sales are strong and continuing to grow. Customer service is fast, personal, and conscientious. Marketing has been fine-tuned to deliver a predictably good ROI for every dollar spent.

 

All those pieces of online success are helpful, but they aren’t enough to keep Meredith’s business growing. She has become more aware over the years that people expect impeccable user experience from her site – and that starts with her infrastructure. After unscheduled downtime that left her feeling that she had put her trust in the wrong outfit, she became more thoughtful about her choice of web host. She switched to a server provider that she felt had the knowledge, experience, security, and support that she needed.

 

In fact, anyone can have difficulties with their website’s performance that can be extraordinarily costly; when Target’s site crashed on Cyber Monday in 2015, they both missed out on a huge influx of sales and paid for the gaffe heavily on social media.

 

Online retail sales will hit almost $2.5 trillion by 2018, so having a comprehensive plan for web growth is increasingly critical. To properly address e-commerce, you need a server provider that has the stability and scalability to impress everyone who visits your website.

 

Here are a few of the criteria that you can use to compare different web hosting companies and find the one that’s the best fit for your business:

 

Help On-Hand

 

Your hosting service should allow you to get a fast resolution of any support problem. However, there is a huge range of response time between different companies. The difference between a 3-minute response and a 3-hour response can be, in certain scenarios, a difference of 2 hours and 57 minutes of hair-pulling stress, along with thousands in lost revenue.

 

The fact is, it can be a bit difficult to determine how quickly a hosting service will respond until you test them. When Web Hosting Talk user tnedator first switched to a new hosting company to manage his servers, they started by hardening and optimizing them. An issue with one of his sites resulted in load spikes that made his server unresponsive. The team at the server provider would attempt to connect, ask for a reboot (through a third-party datacenter), make sure the server was live again, and try to determine what was causing the load issue. The “fast and thorough” ticket response, already evident in the first 30 days, gave him confidence that he had made the right choice.

 

To put this kind of ticketing response time in context, note that tnedator signed on with the new hosting provider specifically for their server management. Unmanaged service can be difficult, as he experienced; although you can still get configuration information from your vendor, you can’t get direct, case-by-case answers from your systems manager.

 

In other words, tnedator was benefiting, in part, from transitioning to a server company classified as a managed services provider. These hosting companies check that your configuration settings match what is needed for your load; monitor for potential vulnerabilities and breaches; back up your system; conduct patching; and handle similar ongoing responsibilities.

 

Regular Backup

 

You need all your information to be backed up periodically if you want your site to be secure. That’s a fundamental business continuity concern: if your site gets hacked or your data otherwise becomes lost or corrupted, that backup gets you back online rapidly. Know that your hosting company is as concerned with backups as you are.

 

Security

 

As the CFO of a small Chicago manufacturing business, Pamela was well-versed in proper security practices. Nonetheless, at some point, malware was introduced to her computer, and it represented a very real danger to her company. Whenever Pamela put the web address of a financial institution into her browser, the malware automatically redirected her to a fake site mimicking the bank. A bogus message prompted her to call customer service. After she spoke with the agent, $300,000 was immediately transferred out of her account. Acting quickly, they recovered the money. Disaster was averted.

 

These stories, of course, don’t always end happily, which is why security is critical for your firm. Intrusions can knock your site offline and cause compromise of sensitive user data – an impossibly expensive incident for many businesses and the reason why 60% of small businesses that get hacked are bankrupt within 6 months.

 

When you look at server providers, select a company that is compliant with internationally respected protocols regarding control of information handling. The gold standard is Statement on Standards for Attestation Engagements (SSAE) No. 16, a set of parameters for hosting companies and similar services developed by the American Institute of Certified Public Accountants (AICPA).

 

Beyond SSAE 16 compliance, one simple question to ask web hosts relates to password storage. Make sure passwords are not stored in plain text. Also avoid shared hosting, which can mean that your site gets taken down because of the misbehavior of other users.

 

Positive limitations

 

No one wants to see limitations to their ability to grow, but any hosting plan will include them – either transparently or otherwise. For example, a hosting company might try to attract your business by giving away “unlimited” bandwidth or storage for a surprisingly reasonable monthly rate. In these cases, read the fine print. For cheap hosting with “unlimited” promises, expect your server provider to either shut down your site or throttle it once you hit a certain level.

 

Features

 

The web hosting company you choose needs to offer the software and equipment that allows it to run and serve your site and content management system installation (WordPress, etc.). You should know that certain features are available through your server provider, by asking these questions:

 

  • Do they offer the programs and services you need for your site? What are the main pieces of software you need? What are the system requirements for your CMS?
  • Does the web host offer additional services? For instance, do they provide database management, email hosting, and transfers (so you know you won’t have to go out and shop other companies for related services)?
  • Do you have access to cPanel or a similar control panel? Is installation of WordPress or any other CMS straightforward?
  • Does the company help with migration? What is the cost? What types of terms are involved? Will the company give you free migration to move to their company, or will simply switching providers become an unexpected expense?

 

Scalability

 

You want more customers, but you obviously don’t want that to mean that your site crashes. Find out about your potential server provider’s uptime; third-party services should verify that the service has recorded uptime that’s greater than 99.9%.

 

Customer reviews

 

Check carefully online for reviews from real customers, legitimate hosting industry professionals, or IT publications that can give you a glimpse into the quality of service. Many reviews are actually advertisements with links to affiliates of the company; so be skeptical in this analysis.

 

*****

 

Are you in need of a reliable, fast, and secure server provider? DeWayne Whitaker described Total Server Solutions on Facebook in October 2016: “No matter the time of day, our ‘average’ response time to support tickets is usually under three minutes,” he said. “Support reps are not Level 1 type support, rather they are highly qualified system admins each and every time.” Explore our platform.

Social Media Mistakes for eCommerce Sites


People are using social media more and more all the time. Incredibly, nearly one-third of clicking, scrolling, and typing of online users occurs on social networks. On average, we log 116 minutes every day on Facebook, Twitter, and other social channels. Assuming this behavior remains steady long-term, it adds up to 5 years and 4 months of each of our lives! Put another way, we invest more hours in social media than we do in grooming, meals, and even personal face-to-face interaction.

 

According to statistics highlighted in Social Media Today, daily time spent per user is as follows:

 

  • YouTube – 40 minutes
  • Facebook – 35 minutes
  • Snapchat – 25 minutes
  • Instagram – 15 minutes
  • Twitter – 1 minute

 

Given these astonishing figures, it makes sense that businesses are doing what they can to make the most of their social presence. However, posting and hash-tagging effectively can be surprisingly challenging. Errors are made by well-intentioned businesses every day. For e-commerce companies, that means lost sales and possible damage to brand credibility.

 

The good news related to these missteps is that your e-commerce business can garner a competitive advantage simply by avoiding them. Let’s look at 12 of the mistakes that are the most prominent among companies that sell their goods and services online.

 

#1 – Presenting Rather than Conversing

 

Facebook, Instagram, and other social platforms are ready-made environments for discussion with customers and prospects. It helps enormously to lead the way in fostering back-and-forth communication by listening intently, notes Joseph Yi in Ecommerce Rules. Address the needs of your customers as rapidly as you can by checking often for mentions, comments, and messages. By keeping your ear to the ground, you can create more intelligent content that expresses a desire to meet your customers’ needs and expectations.

 

#2 – Racking Up Thousands of Low-Quality Followers

 

If you want to pivot social media into revenue, center yourself on behavior that will help you ultimately get more customers and more sales, rather than just gunning for social signals (likes, comments, etc.). In other words, there is not necessarily any value in buying “followers” (which aren’t really followers if they’re for sale) or casting a broad net that undermines your niche focus.

 

“A quick [or fake] fan isn’t going to translate into more sales,” advises SocialChorus marketing director Dave Hawley, “which is why brands should focus on building loyal, lifelong fans and followers who will become brand advocates.”

 

#3 – Putting On Blinders to Industry Rivals

 

The companies that are in competition with you can be a great source of information on social media, says Reshu Rathi of Betaout. Of course, you want your brand to have its own defined and unique angles, but your competitors’ tactics will certainly give rise to ideas – in terms of what to do, what not to do, how to align yourself with your sector, and how to create differentiation.

 

#4 – Relevance, Your Honor?

 

Humor can work well if it’s carefully contained and vetted, but be careful about posting anything that might irritate your customers due to its controversial or trivial nature (politics, religion, memes, cats doing nutty things, etc.). If you come across as insensitive or unprofessional – and of course your industry is key in terms of where that line is – expect your reputation to take a hit.

 

#5 – Disregarding Trolls and Upset Customers

 

Sure, block users who are hate-mongering or pulling you into their spammy agenda. However, you don’t want to delete or pay no attention to the issue if someone is upset with your product or service. Instead, try apologizing and offering to email them – even if you think their perspective is impolite or unfair. “A simple acknowledgment of a problem can prevent a potential PR nightmare,” notes social consultant Gloria Rand, “and often makes the customer so happy, the company gets a PR boost instead!”

 

#6 – Waiting to Respond

 

Along the same lines, it’s important that you keep nearly constant tabs on your social accounts if you want to meet the increasingly fast response that’s expected by customers. For instance, a Lithium Technologies report shows that 53% of people think that a firm should get a Twitter message back to them within 60 minutes (Rathi).

 

#7 – Lacking a Lead-Gen Plan

 

Social media must, of course, be approached from a more interactive, community-minded perspective than an ad or sales brochure; nonetheless, it’s still fertile ground for acquiring leads. Write an occasional opt-in post for your e-mail list, for instance. Also, remember you generally want this traffic to move from social to your site; linking to value-driven blog posts in your social posts is the most common way to achieve that.

 

#8 – Newsjacking Tactlessly

 

Trending hashtags are typically aligned with current events that are happening right now; in that way, the momentary nature of the present is a key driver of social media. At any point in time, everyone is trying to grab a piece of that real-time mindshare. The problem is that the pace of social media can become problematic. “Without evaluating the implications,” says Vocus social media manager Stacey Miller, “your company risks looking insensitive or ignorant, which can [harm] your reputation.”

 

#9 – Posting Too Often

 

Of course, you want to communicate your brand identity and message by posting (after all, you aren’t only on social media to listen). However, if you unleash too many posts, that could result in losing followers. Part of the reason that’s the case is not just that people are seeing your posts too frequently in their feed but that posting excessively inevitably means lower quality-control. For that reason, you want to post during “prime-time” for your particular target group, advises Saatva Luxury Mattress social media manager Nicolle Hiddleston. When are your followers and others you want to reach active in their accounts? Focus posting on quality rather than quantity to some extent. Posting multiple times daily is good, but posting multiple times hourly can backfire.

 

#10 – Barraging Your Audience with Hashtags

 

Related to point #4 above about relevance, including too many hashtags on a single post will often lead you far off-topic from your key focus. Relevance is absolutely critical, especially considering that people might be searching that particular hashtag for content related to it (rather than through a newsfeed or elsewhere); those users likely won’t be attracted to anything that’s off-topic. Think of it this way: you don’t just want to be going through a huge array of streams. Instead, it makes sense to square yourself directly toward your audience and provide information they might want to hear. If you do discuss current events, keep your target in mind at all times – but contribute to the discussion (i.e., it isn’t a good place to sell).

 

If you avoid “meaningless and shameless promotion of your business,” comments Receptional social media director Sarah Bradley, “you’ll find that your online reputation improves and people will trust what you have to say more.”

 

#11 – Not Having Strong Site Infrastructure to Back It Up

 

In light of the various mistakes that e-commerce companies can make, social media can start to seem frustrating and even, at times, foreboding. However, it’s clearly an important place (and a great place, in many ways) to interact with potential customers. It’s important because you can develop relationships, and those relationships will eventually drive more traffic to your site.

 

Once the traffic gets to your site, you need to meet their needs as quickly as possible, through truly impressive speed and reliability – a site with high performance. At Total Server Solutions, we deliver high-performance web hosting for e-commerce.

How to Choose a Managed Services Provider


What is an MSP?

 

In the interest of information security and staying focused on core competencies, many companies choose to work with managed services providers (MSPs). An MSP is an organization that manages the computing needs of customers. Services are performed at a distance and often funded by a subscription, a fee charged each month, although other billing models (such as hourly rates) are sometimes available.

 

It is also common for credible managed service providers to supply potential customers with a service-level agreement (SLA), a legal document listing parameters of the business arrangement, such as quality and performance expectations.

 

7 Tips to Choose the Right MSP

 

There are plenty of companies in this market, so you’re sure to find many options when you need a managed service; but working with the right partner can impact not only security but also key growth factors such as reliability and scalability. Beyond the prerequisite of an SLA, what other criteria do managed services providers need to meet to earn your business? Here are a few tips for selection:

 

#1 – SLA should be based on performance.

 

One main benefit you have with a managed services provider is that you can make demands: the MSP has to live up to the stipulations of the contract (i.e., the SLA). Service providers are used to the fact that businesses want the level of control of knowing that they are protected if the services are not provided at a reasonable level of quality. Service providers that are serious about serving their customers will not flinch at having to reimburse customers if their services fall below the levels stipulated in the contract.

 

#2 – Thorough range of services

 

There is by no means a rule that you must get all your IT managed services from one provider. However, with the excessive administrative, communication, and other maintenance needs of additional relationships, and with the growing concern of cloud sprawl, it’s nice to know that you can get a full range of services through one catch-all partnership.

 

Along similar lines, a provider should be able to manage systems manufactured and developed by a spectrum of vendors. With that breadth of knowledge, a highly qualified MSP will be able to customize what it provides as a trusted advisor to each individual customer – handling each one’s diverse elements and concerns.

 

#3 – Security

 

A high-priority concern for businesses, data security is also a primary area of computing investment. What is the scope of that concept of security? Here are five of the main areas that must be monitored to maintain a legitimately secure environment:

 

  • User security – Involves the end users (customers, employees, etc.) accessing your network; their email use and other actions; and their login details
  • Data security – Involves all your information that is in archives or storage (mapped drives, file shares, emails, etc.)
  • Endpoint security – Involves the company’s smartphones, tablets, laptops, workstations, and servers
  • Infrastructure security – Involves the infrastructure and network components (beyond the servers), ranging from firewalls to switches to routers
  • Physical security – Involves physical access to your grounds, facilities, and data centers or technology areas.

 

The best indicator that a company has sufficient checks and balances in place to achieve a broad range of data protections is the achievement of compliance with respected third-party standards. The most meaningful form of compliance that you can see in a provider is Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type 2, “Reporting on Controls at a Service Organization,” a standard developed by the American Institute of CPAs (AICPA).

 

#4 – Preventive management

 

A managed services provider should not just be keeping your company safe moment-by-moment but give you a strategic stance so that you’re protected for the future. Beyond simplistic monitoring of your system, an excellent MSP will leverage advanced predictive analysis, scanning failure patterns throughout environments and processes. Seeing that your provider is using cutting-edge methods and technologies, such as combining hands-on monitoring with automated programs to control quality, tells you that you are safeguarded and that the provider is continually refining its systems.

 

A strong provider will be of more use to you if they have a specialized understanding of their niche that clarifies the market – and may even help point the way to new business for your firm.

 

#5 – Financial stability

 

Relying on another company for IT services is common, but it is always scary – because you don’t know if they will be around next year. Check how many years the company has been in business. Similarly, make sure that it is backed by people with strong experience. A transparent presentation of authority through leadership biographical information gives you a sense of who is in charge and what kind of track record they have in making decisions related to managed services.

 

#6 – Use of best practices & expertise

 

Just as you can get a sense of controls and security through a third-party SSAE 16 audit, you want to know that the MSP is following standardized procedures and best practices in areas such as problem management, capacity, configuration, and report generation.

 

The provider should have knowledge that extends beyond conventional operating system maintenance. They should understand and be able to help you with cloud, virtualization, mobility, integration, security, high availability, networking, middleware, and databases.

 

#7 – Consolidated service portal

 

The managed services provider should give you paperwork related to policies and procedures. They should also have a library of knowledge based on previous customer issues and solutions so that fixes can be implemented immediately in the event of a crisis. You also want a user interface that shows you all your services through one intuitive admin panel.

 

Example Security Challenge: Law and Change

 

Since improved security is a core reason that companies use managed service providers, it helps to look directly at that aspect with a sample scenario.

 

One industry in which companies tend to take a particularly strong defensive posture toward data breach (for obvious reasons) is law. However, even in that highly confidential field, firms have trouble getting complete sign-on with security protocols.

 

Fundamentally, security improvement requires operational changes. Safeguards slow down the flow of business, which is why the typical reason someone will argue against a protection is that it is tedious or inconvenient.

 

One specific change that a law firm might put into place is two-factor authentication (2FA) so that there is an additional step beyond the password to log in. That could be a temporary, unique token, or a short numerical code from your smartphone. 2FA is a perfect example of security steps slowing down the process just a bit – which is why it’s important for users to understand why the decrease in speed is worth it.

 

*****

 

Given the concern with security and general ease of doing business, many companies decide that they want to work with a managed services provider. Does that describe your organization? Hopefully, the above advice smooths this transition.

 

If you want to look at a potential MSP partnership now, you can review our offerings. At Total Server Solutions, with an entire platform of ready-built and custom-engineered services that are powerful, innovative, and responsive, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our individual managed services.

Build Trust in Your E-Commerce Store


Trust. Just at face value, I think we all know how important that one factor is to e-commerce sales. Certainly it should be on the minds of both consumers and businesses, given the natural security concerns on the Internet – heightened by events such as the Sony hack (a particularly devastating one, with a price tag of $35 million), Heartbleed bug, and incredible rise of the Internet botnet Mirai in an epic duel with security reporter Brian Krebs.

 

The question, then, is how can you build trust in this environment? How can you make the customer feel exceedingly confident on your site when everyone knows that there are dangers inherent in using the Internet? After all, you want to get your share of that e-commerce market – which is set to grow to $4.058 trillion by 2020, according to eMarketer. How can you show your customers that you are doing everything you can to protect them and that you generally look out for their best interests?

 

Trust is based both on perception and on actual evidence. Essentially, you want to be open about the people and personality behind your brand (for the emotional side of trust), and also to give real proof – to show everyone who visits your site that you are legitimate, that the technologies you use are from strong brands, and that third parties back your systems (as with site seals or e-commerce hosted on SSAE 16 audited servers, for instance).

 

What are specific actions you can take to gain customer trust?

 

Embed Trust Seals

 

People really do put quite a bit of faith in trust seals. It makes sense when you think about it. When a third party whose brand the customer might already trust vouches for the website, it will certainly make a user feel more confident when they are deciding whether to make a transaction. Just look at data on the effectiveness of these signals:

 

  • Survey #1 – eConsultancy asked Internet shoppers how they would determine whether to trust a site that they had just encountered (with the ability to give multiple answers). The very first result was trustmarks, with nearly half of respondents (48%) stating it made them feel more comfortable.
  • Survey #2 – A whopping 60.96% of respondents, 89 of 146 people, told Matthew of Actual Insights that they had once abandoned a shopping cart or otherwise left a site because they did not see recognizable trust logos.

 

Since these trust seals are so helpful, it makes sense that one related to your SSL certificate could be particularly effective and easy to implement. An SSL indicator is, presumably, very effective because it’s based not just on some vague assessment or accreditation but on standardized encryption technology. It is also easy to implement because you simply use the trust seal associated with your SSL certificate, which is typically freely available from the provider. Buying the SSL certificate of a trusted brand will give your site more authority with people who visit.

 

Install a Credible Payment Gateway

 

No one wants to feel at risk when they put their credit card information into a website. For that reason, strictly from the perspective of trust, it is difficult to argue against the heavy hitters. The most obvious example in this category is PayPal, so you might want to include it as an option. However, you may find it makes more sense to use one of the growing number of legitimate and widely recognized PayPal alternatives.

 

Demonstrate Your Product Being Used

 

Even if you put all the exact specifications of a product in the description, that sometimes isn’t enough. Shoppers will be likelier to trust that you can deliver what they need if you make it easy for them to see how the product looks in action. That can be achieved with big, high-resolution images that showcase the product from various viewpoints, with the ability to zoom in. In fact, you might want to implement a 360-degree shot of the product so that customers have even more realistic three-dimensional visibility.

 

Video is another obvious medium that can make sense for certain types of products – if not all of them, given the SEO benefits. Case in point: When marketing agency Koozai published two nearly identical posts (both about Google services), embedding a 25-second introductory video at the top of one but not the other, the one with the video received 126.75% more unique pageviews (1297 vs. 572).

 

Include Contact Details

 

Where are you? How can I reach you? During what hours are you available if I have an urgent request? For the shoppers who responded to the eConsultancy poll (“Survey #1” above), the second most important factor in establishing trust is easily accessible contact information.

 

A good example of a company using the contact page well to enhance comfort is Zappos, notes Sharan Suresh of Visual Website Optimizer. Specifically, they use words such as “help,” “we,” and “family.”

 

A contact page is not just a trust-builder but a lead-generation tool, particularly if you are selling professional services or high-ticket items for which people might want substantive consultation prior to purchase.

 

When providing contact or “about us” information, it also can be key to provide headshots of the people on your team.

 

Humanize Your Brand

 

It’s interesting to really think about what trust is in a social context such as a business interaction. Trust is defined as “anticipated cooperation” by Ronald S. Burt and Marc Knez of the University of Chicago. In other words, when engaging in commerce, a person experiences trust when they believe they will be paying a fair rate for the value they receive from you.

 

Trust is a way that we are able to give up control and still feel calm. We don’t know absolutely what those around us will do. Businesses are similarly unpredictable until we know more about the company culture and reputation.

 

The vague sense of unsureness can be alleviated with human features. Humanizing the brand can be powerful in getting more confidence from site visitors.

 

Sven of Userlike suggests these tactics that accomplish humanization:

 

  • Become more human through a more natural and approachable tone of voice. If you can avoid using excessive industry lingo and bring personality to your tone, you can establish that your brand is built on the efforts of individual people.
  • Invest in content marketing. Brand storytelling and educating through blogs, ebooks, and social profiles gives you a meaningful, targeted way to connect with your audience through text and images.

 

Highlight Reviews

 

People are likelier to believe customers than they are to believe a business – so let them do the talking. How? With reviews. Include reviews on your product pages.

 

One study from Moz found that 67% of online shoppers check out reviews for a product before they buy it. Acknowledging that those people are going to read reviews somewhere, it then logically makes sense to keep them on your site to get that information without browsing elsewhere (or at least limiting external activity).

 

When you integrate reviews into your product pages, make sure that it is easy to navigate them – giving access in a customer-centric, user-friendly way.

 

Adopt High-Performance E-Commerce Infrastructure

 

Another key way to build trust among online shoppers is to deliver a site with the high performance that customers experience when they shop major brands. We can help you with that. At Total Server Solutions, our infrastructure is so comprehensive and robust that many other top tier providers rely on our network to keep them up and running. See our e-commerce solutions.

Posted by & filed under List Posts.

 

  • Why integrate?
  • How to integrate WordPress and Magento with various plugins
  • Improving your blog to better spark e-commerce sales
  • General e-commerce blog rules
  • Types of e-commerce blog posts to try

 

When businesses go out to find core software for their businesses, two of the most important pieces are the content management system (CMS) and the shopping cart. As open source has become increasingly accepted and even preferred in business, WordPress and Magento have emerged as the leaders in these two categories:

  • Magento is the top e-commerce platform among the Alexa top 1 million, at a 29.1% market share. [source]
  • WordPress is even more popular among the CMS competition, with a whopping 58.8% of the market in March 2017. [source]

 

Understandably, any businesses that use these platforms want to use the solutions together as effectively as possible. From a literal perspective in terms of development, businesses want to be able to integrate the two systems. They also want to learn how to better drive traffic from the WordPress blog portion of their site to the Magento shopping cart to make purchases. This blog discusses both of those topics. First, though, let’s talk a bit more about reasoning.

 

 

Why integrate?

We all know that the general concept of integration makes it easier to manage information so you aren’t having to transition between different environments. However, there are specific reasons that businesses often cite for integrating WordPress with Magento (or CMS with shopping cart):

  • Improve the SEO of your e-commerce products so people can find you on Google and Bing
  • Theme integration
  • Ability to share components of one system (such as cart data, menus, or static blocks) within the other
  • The delivery of a user experience that is truly blog-to-cart, with products appearing in your WordPress that link directly to the Magento cart
  • Unifying the login so that shopping carts are less likely to be abandoned.

 

How to integrate WordPress and Magento with an extension

It makes sense to want integration of these two key systems. “Marrying WordPress and Magento can integrate your themes, break down any barriers to order completion, and increase the ease of navigation between the two platforms,” explained plugin and extension developer CreativeMinds.

 

Since WordPress gives you a portal for publishing content, you can communicate with and promote to shoppers, bolster your search visibility, and manage product data through an intuitive system. On the other side, Magento is the primary tool you have for major e-commerce needs such as product creation and management, order creation, and the handling of shipments.

 

Harshal Shah of open source magazine Open Source For You suggested using Magento WordPress Integration, a free extension created by FishPig that is supported by the Professional, Enterprise, and Community editions of Magento (3.9 / 5 stars; 282 reviews).

 

To use the extension, you don’t have to adjust the core files of either WordPress or Magento; you can access it through Magento Connect. Once you’ve backed up your system and installed it, you can control both administrative accounts by just logging into your Magento account. It enables you to connect WordPress posts to products within Magento. You can even generate a menu within WordPress and pull it into Magento.

 

Optional add-ons from FishPig are Magento WordPress Multisite Integration and Custom Post Types. The former allows you to integrate all the sites of your entire WPMU installation with numerous Magento stores. The latter gives you the ability to use a variety of templates for WordPress blogs within Magento.

 

Improving your blog to better spark e-commerce sales

If your business is primarily concerned with e-commerce, you might wonder why expressing yourself through a blog is necessary for your business. To look generally at blogging, it is a way to market yourself directly to your customers, straight through your site. Every additional blog post accounts for another indexed page within Google, so it helps your search engine rankings. It gives you content to post and discuss within your social accounts. Finally, it converts traffic to leads – or, even better, into customers.

Blogging is essentially an opportunity to establish authority and show your target audience what you know; that knowledge will in turn make people feel more comfortable trusting you as their supplier.

 

Ryan Harris of Raleigh-based digital marketing company TheeDesign talks about e-commerce blogging using the example of a running shoe store owner. Blogging gives that owner (as it does a marketing team) the chance to talk about various running-related topics. “Consider writing topics about snacks for runners, and the dangers of not properly hydrating,” suggested Harris. “Maybe take the time to blog about a personal achievement like running a marathon.”

 

Now, blogging generally in this manner is part of the e-commerce process because you are driving traffic that’s searching for running topics. Plus, it helps you connect, on a human level, with those who come to your site.

 

Evergreen information, news reports, how-to articles, and best practices lists all work within blogs. Plus, it makes sense for an e-commerce company to ensure the blog has particular characteristics, and to spend some time discussing the products it sells.

 

General e-commerce blog rules

WordPress blogger and podcaster Bob Dunn provided his rules for making the most of an e-commerce blog; although published a few years ago, these ideas are still pertinent:

  1. Your offer should be relevant to your target, to increase interest.
  2. You want to be transparent and authentic with links, so that readers understand they are requesting additional details.
  3. Make your offer highly visible if you want to get clicks.
  4. Incorporate the blog with your products by writing about topics within the blog that tie to calls-to-action (CTAs) for specific products you feature.
  5. You want to leverage the blog for user-generated content. Look for inspiration in the comments.
  6. Exclusivity is a great way to improve sales. Give deals that are only available to your audience and related to your blog subject.

 

Types of e-commerce blog posts to try

Those broad rules are great, but let’s get more granular. Here are a few specific types of posts to use for your e-commerce blog, as indicated by Harris:

  • Featured product posts – In these posts, you can highlight and possibly compare your current products (either one item or the whole brand).
  • New product posts – Newness, in and of itself, gives a product more value. Show off anything you’ve just started carrying.
  • “Coming soon” posts – Create buzz prior to the arrival of products. It’s especially helpful if a new version of the product is being released, so that people can decide if they want to buy the current one or wait for the launch.
  • Exclusive product posts – We talked above about exclusivity as a general rule, and you can apply that specifically to any products that only you are selling.
  • Gift idea posts – Write up lists of gift ideas for the holidays, for birthdays, Mother’s Day, Father’s Day, and “just because.”
  • Product testing posts – You can test your products and pass on the results.
  • Review posts – You can discuss reviews of products, since reviews are such a major trust signal.
  • Sales promotion posts – Notify your customers of a sale well before it takes place. “Letting your loyal blog readers in on the sale ‘secret’ ahead of time will help them travel farther down the conversion funnel and ultimately lead to a sale,” said Harris.

 

Now, as a note of caution, this discussion of blog topics specific to an e-commerce blog is not intended to advocate writing about products or sales in lieu of quality information related to broader topics. Yes, you can educate on products; but simply talking about your products will make your blog read like an ad. Typically you want to include much larger quantities of helpful information such as how-to articles and trending news.

 

*****

Hopefully the above ideas give you a better sense of some options for integration of WordPress with Magento, and for general integration of blogging with e-commerce. Now, what about upgrading your infrastructure? At Total Server Solutions, we offer high performance web hosting for e-commerce. Increase conversions.


 

 

Let’s state the obvious: WordPress is popular.

  • It represents 50-60% of the content management system (CMS) market worldwide.
  • 22% of new sites in the United States use WordPress, as do 297,629 of the Alexa 1 million.
  • Adopters of WordPress include Time, Spotify, TechCrunch, NBC, CNN, Fortune, and USA Today. [source]

 

Clearly businesses recognize that WordPress is an incredibly powerful platform. However, getting the most out of the environment means making it as simple to manage as possible. How can you make WP management more user-friendly? Here are 11 tips:

 

 

 

#1 – Get to know the admin panel

Every section of the WordPress admin interface has various features available – and you’ll find ones that will enhance your manageability. Many of these features are hidden by default. You can toggle their checkboxes using “Screen Options,” which you’ll usually find in the upper right corner of the page.

 

“This is a great way to either remove information that’s cluttering the display, or find options that you think should exist but can’t find (this is particularly true on the post edit page),” suggested Chris Honiball of SmallBusiness.com.

 

You’ll find especially critical options at the lower end of the navigation list – particularly the submenus of Appearance, Tools, and Settings. Getting a sense of the default system early will allow you to understand if the settings are adjusted, since some plugins add menu items to the navigation bar.

 

When new versions are released, become familiar with any additional features and changes, through WP news sites (see #11).

 

The safe way to approach a new release is not to simply install it but to create a sandbox environment so that you can see how any new menus operate. To test-run the new version, or any plugins or themes, install a new WordPress instance onto a local PHP/MySQL server or even a hidden subdomain of your live site.

 

#2 – Organize your categories and tags.

Understanding the proper use and finer points of categories and tags can feel a bit obtuse at the outset. Here is the basic idea:

 

Categories are for broadly setting your posts into different buckets or containers, similar to a table of contents. This organizational tool helps readers locate the kind of content they are seeking. It’s a hierarchical model, with the possibility of subcategories.

 

Tags are for specifics of the posts. As opposed to the more general nature of categories, “[t]hink of these as your site’s index words,” advised WPBeginner. “They are the micro-data that you can use to micro-categorize your content.” These organizational elements do not have a hierarchy. Tags could be infinite, but businesses often limit themselves to 100-150 of them to better manage and contain content.

 

Meeting these guidelines will both make management easier and improve your SEO. It’s easiest to set them up before you start writing posts.

 

#3 – Shut off the comments

The conventional wisdom on blogs is that you want comments and should even ask for them at the end of your pieces; they’re seen as foundational to content in many scenarios. However, comments take time to moderate, and your time could be better spent continuing to produce new content, suggested Honiball.

 

To stop the comments, within your control panel, go to Settings > Discussion, remove the check for “Allow people to post comments,” and Save your changes.

 

#4 – Or… spam-sift your comments

Turning off comments may not be for you, since it can be an important way for your audience to interact with you. If that’s the case, you still don’t need to be facing everything the spambots throw your way.

 

To filter for spam, the most commonly recommended plugin is Akismet, which comes with WordPress by default and offers a “name your price” version. To get started, go to the Akismet plans page for a product key.

 

#5 – Automate your backups.

One way that you can waste a lot of time in management is preparing for horrible problems and doing damage control if and when they occur. Regular database and content backups are critical, but you also want them to be seamless. Create automated backups once a week at minimum. There are various options, but one especially highly rated plugin, UpdraftPlus (4.8 stars based on 2500+ ratings), lets you schedule backups to be saved to your server and another location, such as Dropbox.

 

#6 – Master debugging.

The concept of debugging might sound scary and esoteric, depending on your knowledge of code. However, as you start to understand the amount of control you can have over WordPress if you better understand its inner workings, you may find you want to look up error messages to try to fix them yourself. Respected places to discuss problems and get answers are WordPress Stack Exchange and the WordPress support forums – but you will find additional resources when searching your particular issue.

WP uses various programming languages, but the primary one is PHP. As with a person, if you really want to understand WordPress, learn its language. To wade into the subject, here is a relatively non-technical PHP-for-WordPress tutorial.

 

#7 – Take ownership of the media library.

Many WordPress blogs do not make great use of the media library. Do you ever reuse the same image at multiple points on your site? If so, it’s a good idea to edit the Caption, Alternative Text, and Description fields. That information is especially important for reused images since the data is in more than one place.

 

#8 – Get familiar with user roles.

Likely there are numerous people who will be working on your site. That means you want different levels of access – which is the concept behind user roles.

Within Users > All Users > username, you can change anyone’s role in the Name area. The possibilities are:

 

Administrator: This top of the hierarchy is able to change or delete whatever they want, from the posts themselves to theme files.

 

Editor: Anyone assigned this role will be able to edit and publish posts, including those written by others. They can also reassign posts.

 

Author: Those with this role are able to edit and publish their own posts.

 

Contributor: This role is similar to an author but without publishing privileges. They can only edit and submit for approval by an editor or administrator.

 

Subscriber: This role is only able to make changes to their own profile but not the content. This largely blocked role is helpful if you want to send notifications widely using WordPress.

 

#9 – Use an SEO plugin.

WordPress has strong search engine optimization, and you can always approach your marketing with best practices such as consistent content publication (integrated social media and blogs) and keyword research for your site and competition. However, you should automate what you can with an SEO plugin. Yoast SEO (4.8 stars from 10,000+ ratings) is one popular option that takes care of various aspects of basic SEO, such as generating site maps, establishing metadata for each post, and creating tags for social platforms.

 

#10 – Remove clutter by switching to fullscreen mode.

The fullscreen button within the post editor is a great way to improve your focus when you’re working directly on editing or similar post administration. It’s actually called distraction-free writing mode and can be accessed via Shift + Alt + W or by clicking the button to the upper right of the post itself.

 

#11 – Get to know WordPress news sites.

Jake Rocheleau of DesignM.ag advised staying updated by reading informational articles each week, or at least each month, from sites such as WPBeginner, WP Mayor, and WPLift.

 

*****

 

Do you want to make the most out of your WordPress site? At the core of your efforts, quite literally, will be your infrastructure, so be certain that it’s strong. At Total Server Solutions, our cloud uses the fastest hardware, coupled with a far-reaching network. For your WordPress hosting, trust the cloud with guaranteed performance.